Hi Robert,
The information I got from the logs tells me that the spam mail was sent
manually by copying several hundreds of e-mail addresses to the bcc field.
I think it's very hard to use RoundCube for automatic/scripted spam
sending because you need to have a valid session which is checked by a
cookie and the session hash within the URL. After sending a message, you
have to reload the compose page to get a new "sending session". Of
course one could write a script doing right that but it would be very
complicated and you could also write it for GMX or Hotmail accounts.
I planned to add some spam-protection functions such as a limit for
recipients and checking the time since the last message was sent.
Regards,
Thomas
Robert Copelan wrote:
> Thomas,
> Was the demo site being used to manually send spam
> mail or was it being used by an automatic program? If
> an automatic program, are there steps we should take
> with our existing installations to reduce the
> possiblity of spam?
>
> Regards/MfG,
>
> Robert
>